PT-2024-16395 · Tongda Oa · Tongda Oa

Lvzc · Published 2024-10-31 · Updated 2024-11-04 · CVE-2024-10598

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Tongda OA versions 11.2 through 11.6

Description: A critical vulnerability was found in Tongda OA, affecting unknown code in the file general/hr/setting/attendance/leave/data.php of the Annual Leave Handler component. Manipulation of this code leads to improper authorization, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For Tongda OA versions 11.2 through 11.6, update to the latest patched version immediately to mitigate risks. As a temporary workaround, consider restricting access to the Annual Leave Handler component until a patch is available. Additionally, audit logs for signs of exploitation.

Exploit · Fix · Improper Authorization · Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2024-10598

Affected Products: Tongda Oa